Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2025-02-26 | 7.2 High |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | ||||
| CVE-2023-27569 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | ||||
| CVE-2023-27250 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2025-02-26 | 9.8 Critical |
| Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. | ||||
| CVE-2023-1474 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2025-02-26 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336. | ||||
| CVE-2024-3418 | 2 Argie, Sourcecodester | 2 Online Courseware, Online Courseware | 2025-02-26 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3432 | 2025-02-26 | 5.5 Medium | ||
| A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-1545 | 1 Teampass | 1 Teampass | 2025-02-26 | 7.5 High |
| SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | ||||
| CVE-2024-1990 | 1 Metagauss | 1 Registrationmagic | 2025-02-26 | 8.8 High |
| The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-2871 | 1 Davidlingren | 1 Media Library Assistant | 2025-02-26 | 6.4 Medium |
| The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-27570 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | ||||
| CVE-2023-1466 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-02-26 | 6.3 Medium |
| A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability. | ||||
| CVE-2023-1495 | 1 Ruifang-tech | 1 Rebuild | 2025-02-26 | 6.3 Medium |
| A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability. | ||||
| CVE-2023-1152 | 1 Utarit | 1 Persolus | 2025-02-26 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | ||||
| CVE-2023-25684 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-02-26 | 6.5 Medium |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. | ||||
| CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2025-02-26 | 9.8 Critical |
| SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. | ||||
| CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2025-02-26 | 8.8 High |
| Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php | ||||
| CVE-2023-27638 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-02-26 | 9.8 Critical |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023. | ||||
| CVE-2023-27637 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-02-26 | 9.8 Critical |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023. | ||||
| CVE-2025-25521 | 2025-02-26 | 9.8 Critical | ||
| Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. | ||||
| CVE-2025-25520 | 2025-02-26 | 9.8 Critical | ||
| Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. | ||||